Introduction to Frends Azure Architecture

Basics of Azure Architecture

Written by Ossi Galkin
Updated over a week ago

Frends Azure Architecture

Azure Components

The Frends iPaaS service utilizes the following Microsoft Azure components and is delivered from Azure North Europe (Ireland) and Azure West Europe (Netherlands) data centres:

The Azure virtual network enables Frends Azure resources to securely communicate with each other, the internet, and on-premises networks.

All connections to Frends are secured using valid SSL certificates and pass through the Azure WAF.

An Agent has different databases to store configuration data, cache log data and store a shared state between Agents inside of an Agent Group.

When Agents inside of an Agent Group are configured to function as a High Availability (HA) group (this is set by default when there is more than one Agent), they require a shared state store to orchestrate File Watch, Schedule and Conditional Triggers.

It is possible, although not recommended, to install more than one Agent without a shared state store. In this case only one predefined Primary Agent (not dynamic) executes File, Schedule and Conditional Triggers. This installation model may not support all future features.

The Agent supports the following databases:

  • Microsoft SQL Server
    Can be used for configuration and shared state storage
    Secured either through an SQL Login or Integrated security
    Agent user has the following access to the database: db_datareader, db_datawriter, execute

  • SQLite
    Used for caching log data when there's no access to the Service Bus or Azure Storage
    Can be used by the Cross-platform Agent for Configuration storage
    Can be used by the Cross-platform Agent for shared state storage when in a non-HA configuration
    Secured through file access on the local machine

The Agent's access to the Blob Storage is SSL secured and authenticated with limited access Shared Access Signatures (SAS) at a Blob Container or Blob level. The Agent uses the Blob storage for the following purposes:

  • Reading and writing to the Large Message Storage:
    Used to store messages that do not fit inside of a single Azure Service Bus Message (>200KB)
    Each Agent Group has its own Blob container for storing large messages
    Service Bus messages contain a SAS signed URI to access the Blob containing the large messages

  • Retrieving compiled Processes as NuGet packages (NuGet repository) (Used by the Legacy Agent)

  • Retrieving compiled Processes as Process Host packages (Process host package store) (Used by the Cross-platform Agent)
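
An added example (not Frends code) of how a defender could check that a SAS-signed URI, such as one carried in a Service Bus message, really is limited to a Blob or Blob Container. The 24-hour lifetime limit, the read/write permission set, the fixed clock and the sample URIs are assumptions constructed for illustration; only ad hoc SAS tokens with a full-precision `se` timestamp are handled.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

MAX_LIFETIME = timedelta(hours=24)  # assumed policy limit, not a Frends value
ALLOWED_PERMS = set("rw")           # assumed: read and write only
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # fixed clock for the samples

# Constructed sample URIs: placeholder account, container, blob and signature.
GOOD = ("https://placeholderacct.blob.core.windows.net/group-a/msg-001"
        "?sv=2022-11-02&sr=b&sp=r&se=2024-05-01T13%3A00%3A00Z&spr=https&sig=CONSTRUCTED")
BAD = ("https://placeholderacct.blob.core.windows.net/"
       "?sv=2022-11-02&ss=b&srt=sco&sp=rwdlac&se=2030-01-01T00%3A00%3A00Z"
       "&spr=https,http&sig=CONSTRUCTED")

def audit_sas_uri(uri, now=None):
    """Return findings for a Blob SAS URI; an empty list means it fits the policy."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(uri)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    findings = []
    if parts.scheme != "https":
        findings.append("URI is not https")
    if q.get("spr") != "https":
        findings.append("spr does not restrict the token to https")
    # ss/srt only appear on account SAS tokens, which span whole services.
    if "ss" in q or "srt" in q:
        findings.append("account-level SAS, not container or blob scoped")
    elif q.get("sr") not in ("b", "c"):
        findings.append("sr is not blob (b) or container (c)")
    extra = set(q.get("sp", "")) - ALLOWED_PERMS
    if not q.get("sp"):
        findings.append("sp missing")
    elif extra:
        findings.append("extra permissions: " + "".join(sorted(extra)))
    try:
        expiry = datetime.strptime(q["se"], "%Y-%m-%dT%H:%M:%SZ")
        expiry = expiry.replace(tzinfo=timezone.utc)
        if expiry <= now:
            findings.append("token expired")
        elif expiry - now > MAX_LIFETIME:
            findings.append("expiry beyond policy lifetime")
    except (KeyError, ValueError):
        findings.append("se missing or unparseable")
    if "sig" not in q:
        findings.append("sig missing")
    return findings
```

The check reads only the token's declared scope; the signature itself can only be validated by the storage service.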

The Agent requires connectivity to the Azure or Cleura cloud where the Frends Control Panel is hosted. It mainly uses the Azure Service Bus or RabbitMQ as a message bus for communication and Azure Storage or Ceph (Blob storage) for larger amounts of data.

Connections to the Message Bus are SSL secured and the Agent uses a limited access connection string for authentication. The Agent uses the Message Bus for the following purposes:

  • Receiving Process deployments from the Control Panel

  • Receiving other configuration data from the Control Panel, such as Environment Variables, API Key configurations, OAuth settings, etc.

  • Sending Process log data to the Log Service

  • Sending Heartbeats and system log data to the Log Service

  • Requesting Remote Subprocess executions on Agents in the same Environment

  • Receiving Remote Subprocess execution requests from Agents in the same Environment

  • Receiving Manual Process execution requests from the Control Panel

Frends stores secure keys and certificates in the Azure Key Vault, where the web application accesses them when needed.

The next article is Introduction to Development Flow